Metabase · Metabase · CVE-2025-32382
Name of the Vulnerable Software and Affected Versions:
Metabase versions prior to 52.17.1
Metabase versions prior to 53.9.5
Metabase versions prior to 54.1.5
Description:
The issue arises when administrators change Snowflake connection details in Metabase, such as updating a password or switching between password and private key authentication. In these cases, Metabase may not always remove the older connection details from its application database. When Metabase then tries to establish a connection using the different methods, it logs successful connections, and that log entry can include the username and password. The credentials are therefore exposed to anyone who can read the logs.
Recommendations:
For versions prior to 52.17.1, update to version 52.17.1 or later to resolve the issue.
For versions prior to 53.9.5, update to version 53.9.5 or later to resolve the issue.
For versions prior to 54.1.5, update to version 54.1.5 or later to resolve the issue.
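A version triage built from the fixed releases listed above, as an added example that is not part of the original advisory or Metabase's own code. It assumes version strings may carry a leading v and a 0. or 1. edition prefix, and that release lines after 54 already include the fix; the function names and sample inventory are constructed for illustration.

```python
import re

# Fixed release for each affected release line, taken from the advisory text.
FIXED = {52: (52, 17, 1), 53: (53, 9, 5), 54: (54, 1, 5)}


def parse_version(text):
    """Turn 'v0.53.9.4', '1.54.1.5' or '52.17.1' into a tuple such as (53, 9, 4)."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    # Assumption: a leading 0 or 1 is the edition prefix, not part of the
    # release number the advisory quotes, so it is dropped before comparing.
    if parts[0] in (0, 1):
        parts = parts[1:]
    return tuple(parts)


def triage(text):
    """Return (affected, fixed_version), where fixed_version is None if not affected."""
    version = parse_version(text)
    line = version[0]
    if line > max(FIXED):
        # Assumption: release lines newer than 54 already carry the fix.
        return False, None
    # Lines older than 52 have no fixed release of their own in the advisory,
    # so they are compared against (and pointed at) the oldest fixed release.
    fixed = FIXED.get(line, FIXED[min(FIXED)])
    if version < fixed:
        return True, ".".join(str(p) for p in fixed)
    return False, None


if __name__ == "__main__":
    # Constructed inventory of version strings, not taken from any real deployment.
    for reported in ["v0.53.9.4", "v1.54.1.5", "0.52.17", "v0.51.3", "v0.55.0"]:
        affected, fixed = triage(reported)
        status = f"AFFECTED, update to {fixed} or later" if affected else "not affected"
        print(f"{reported:12} {status}")
```

An instance flagged as affected may already have written Snowflake credentials to its logs, so the result is also a cue to review those logs.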